I hope it was obvious that I was pretty confident that you actually had a reason. :)
The issue what what you are saying is that sometimes it is technically correct for a name to not be validatable. The reason we want an unsecured delegation for .homenet is that .homenet can't be validated using the root trust anchor, because the name is has no globally unique meaning. So the reason that you've given doesn't apply to this case, although I completely agree with your reason as it applies to the case of names that are globally unique. On Wed, Dec 14, 2016 at 11:59 AM, Steve Crocker <st...@shinkuro.com> wrote: > The latter. All DNS answers at all levels should be signed to assure the > querier of the integrity of the answer. This has been the goal and best > practice for a very long time. For example, it was the explicit objective > of the quote substantial DNSSEC effort funded by the US Dept of Homeland > Security starting in 2004. > > Within ICANN, in 2009 we made it a formal requirement of all new gTLDs > must be signed. The ccTLDs are not subject to ICANN rules but they have > been gradually moving toward signed status. Most of the major ccTLDs are > signed and many of the others are too. Detailed maps are created every > week by ISOC. > > I will also try to contribute to the homenet mailing list. > > Steve > > Sent from my iPhone > > On Dec 14, 2016, at 11:36 AM, Ted Lemon <mel...@fugue.com> wrote: > > Is this a matter of religious conviction, or is there some issue with > unsecured delegations in the root that you are assuming is so obvious that > you don't need to tell us about it? :) > > On Wed, Dec 14, 2016 at 11:18 AM, Steve Crocker <st...@shinkuro.com> > wrote: > >> I am strongly opposed to unsecured delegations in the root zone. No >> matter what the problem is, an unsecured delegation is not the answer. >> >> Steve >> >> On Dec 14, 2016, at 11:11 AM, Suzanne Woolf <suzworldw...@gmail.com> >> wrote: >> >> Hi all, >> >> DNSOP participants who are interested in the special use names problem >> might want to review draft-ietf-homenet-redact ( >> https://datatracker.ietf.org/doc/draft-ietf-homenet-redact/) and >> draft-ietf-homenet-dot (https://datatracker.ietf.org/ >> doc/draft-ietf-homenet-dot/) for the WGLC on them in the HOMENET wg. >> >> WGLC comments should go to the WG list, home...@ietf.org. >> >> If you do, it will also be helpful to look at RFC 7788, which specifies >> the Home Networking Control Protocol for homenets. >> >> The redact draft is intended to remove the inadvertent reservation of >> “.home” as the default namespace for homenets in RFC 7788. >> >> The homenet-dot draft is intended to provide a request under RFC 6761 for >> “.homenet” as a special use name to serve as a default namespace for >> homenets. It also asks IANA for an unsecured delegation in the root zone to >> avoid DNSSEC validation failures for local names under “.homenet”. The root >> zone request to IANA has caused some discussion within the WG, as there’s >> no precedent for such a request. >> >> Terry Manderson mentioned the homenet-dot draft briefly at the mic in >> Seoul. >> >> The WGLC ends this week. >> >> >> Suzanne >> >> Begin forwarded message: >> >> *From: *Ray Bellis <r...@bellis.me.uk> >> *Subject: **[homenet] WGLC on "redact" and "homenet-dot"* >> *Date: *November 17, 2016 at 11:27:08 PM EST >> *To: *HOMENET <home...@ietf.org> >> >> This email commences a four week WGLC comment period on >> draft-ietf-homenet-redact and draft-ietf-homenet-dot >> >> Please send any comments to the WG list as soon as possible. >> >> Whilst there was a very strong hum in favour of ".homenet" vs anything >> else during the meeting, and there's some discussion of that ongoing >> here on the list - I'd like us to please keep the discussion of the >> choice of domain separate from other substantive comment about the >> drafts' contents. >> >> thanks, >> >> Ray >> >> _______________________________________________ >> homenet mailing list >> home...@ietf.org >> https://www.ietf.org/mailman/listinfo/homenet >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >> >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
